Network switches/switching units are at the core of any communication network. A network switch typically has one or more input ports and one or more output ports, wherein data/communication packets are received at the input ports, processed by the network switch through multiple packet processing stages, and routed by the network switch to other network devices from the output ports according to control logic of the network switch.
Table lookup/search has been widely adopted for policy-based routing/forwarding of packets by the network switch, wherein the network switch performs lookup/search operations on the routing tables stored in the memory of the network switch for each incoming packet via a search key and takes actions as instructed by the table search results or takes a default action in case of a table search miss. Examples of the policy-based routing performed by the network switch include but are not limited to, Access Control List (ACL) and OpenFlow protocol (wherein the OpenFlow protocol allows a remote controller access to the packet forwarding plane of the network switch over the network). The table search in the network switch allows management of network services by decoupling policies/decisions about where traffic/packets are sent (i.e., the control plane of the network switch) from the underlying systems that forwards the packets to the selected destination (i.e., the data plane of the network switch), which is especially important for Software Defined Networks (SDN).
Each table in the network switch typically includes a set of predefined fields, which includes keys that reflect routing/security policies defined and/or configured by administrator/user of a system in which the network switch is deployed. For example, a system administrator may use the predefined fields to form the lookup/security keys to enforce its security policies. Currently, the network switch is typically delivered to the users/customers having a fixed set of static fields for the users to form their keys under the assumption that most of the customers may adopt similar security policies. In reality, however, the security policies may need to change at runtime and it is desirable for the user to be able to define and configure different lookup keys for different security policies of the network switch at deployment and/or runtime.
The foregoing examples of the related art and limitations related therewith are intended to be illustrative and not exclusive. Other limitations of the related art will become apparent upon a reading of the specification and a study of the drawings.